Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Charles Koutcheme; Artturi Tilanterä; Aleksi Peltonen; Arto Hellas; Lassi Haaranen

doi:10.1145/3502718.3524748

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Charles Koutcheme, Artturi Tilanterä, Aleksi Peltonen, Arto Hellas, Lassi Haaranen

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

4 Citations (Scopus)

76 Downloads (Pure)

Abstract

Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

Original language	English
Title of host publication	ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education
Publisher	ACM
Pages	75-81
Number of pages	7
ISBN (Electronic)	978-1-4503-9201-3
DOIs	https://doi.org/10.1145/3502718.3524748
Publication status	Published - 7 Jul 2022
MoE publication type	A4 Conference publication
Event	Annual Conference on Innovation and Technology in Computer Science Education - University College Dublin, Dublin, Ireland Duration: 8 Jul 2022 → 13 Jul 2022 Conference number: 27 https://iticse.acm.org/2022/

Publication series

Name	Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE
Publisher	ACM
Volume	1
ISSN (Print)	1942-647X

Conference

Conference	Annual Conference on Innovation and Technology in Computer Science Education
Abbreviated title	ITiCSE
Country/Territory	Ireland
City	Dublin
Period	08/07/2022 → 13/07/2022
Internet address	https://iticse.acm.org/2022/

Keywords

database security
education
problem solving
sql injection

Access to Document

10.1145/3502718.3524748

Exploring How Students Solve Open-ended AssignmentsFinal published version, 1.06 MB

Cite this

Koutcheme, C., Tilanterä, A., Peltonen, A., Hellas, A., & Haaranen, L. (2022). Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. In ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education (pp. 75-81). (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE; Vol. 1). ACM. https://doi.org/10.1145/3502718.3524748

Koutcheme, Charles ; Tilanterä, Artturi ; Peltonen, Aleksi et al. / Exploring How Students Solve Open-ended Assignments : A Study of SQL Injection Attempts in a Cybersecurity Course. ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. ACM, 2022. pp. 75-81 (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE).

@inproceedings{8c30723919854b22bc69614b081815d8,

title = "Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course",

abstract = "Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment. ",

keywords = "database security, education, problem solving, sql injection",

author = "Charles Koutcheme and Artturi Tilanter{\"a} and Aleksi Peltonen and Arto Hellas and Lassi Haaranen",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE ; Conference date: 08-07-2022 Through 13-07-2022",

year = "2022",

month = jul,

day = "7",

doi = "10.1145/3502718.3524748",

language = "English",

series = "Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE",

publisher = "ACM",

pages = "75--81",

booktitle = "ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education",

address = "United States",

url = "https://iticse.acm.org/2022/",

}

Koutcheme, C, Tilanterä, A, Peltonen, A, Hellas, A & Haaranen, L 2022, Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. in ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE, vol. 1, ACM, pp. 75-81, Annual Conference on Innovation and Technology in Computer Science Education, Dublin, Ireland, 08/07/2022. https://doi.org/10.1145/3502718.3524748

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. / Koutcheme, Charles; Tilanterä, Artturi; Peltonen, Aleksi et al.
ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. ACM, 2022. p. 75-81 (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Exploring How Students Solve Open-ended Assignments

T2 - Annual Conference on Innovation and Technology in Computer Science Education

AU - Koutcheme, Charles

AU - Tilanterä, Artturi

AU - Peltonen, Aleksi

AU - Hellas, Arto

AU - Haaranen, Lassi

N1 - Conference code: 27

PY - 2022/7/7

Y1 - 2022/7/7

N2 - Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

AB - Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

KW - database security

KW - education

KW - problem solving

KW - sql injection

UR - http://www.scopus.com/inward/record.url?scp=85134431640&partnerID=8YFLogxK

U2 - 10.1145/3502718.3524748

DO - 10.1145/3502718.3524748

M3 - Conference article in proceedings

AN - SCOPUS:85134431640

T3 - Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE

SP - 75

EP - 81

BT - ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education

PB - ACM

Y2 - 8 July 2022 through 13 July 2022

ER -

Koutcheme C, Tilanterä A, Peltonen A, Hellas A , Haaranen L. Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. In ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. ACM. 2022. p. 75-81. (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE). doi: 10.1145/3502718.3524748

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Science-IT

Cite this

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Equipment

Science-IT

Cite this